cancel
Showing results for 
Search instead for 
Did you mean: 

How to filter ABAP users in Identity Provisioning Service by ACTIVITYGROUPS-AGR_NAME/FROM_DAT/TO_DAT

0 Kudos
574

Hello Experts

I am new to SAP's Identity Provisioning and am trying to configure a new "SAP Application Server ABAP" Source with Targer IAS.

The new ABAP source system will filter users based on specific role assignment

e.g. Only process users with roles beginning "ZN*" assigned. The condition below combined with abap.role.filter=^ZN.* does this to a point, however does not take into account the start and end dates for individual role assignments to users

{ "user": 
{ "ignore": false, 
"condition": "($.ACTIVITYGROUPS[?(@.AGR_NAME contains 'ZN')] EMPTY false)", 
"mappings": [ { "sourcePath": "$.USERNAME", "targetVariable": "entityIdSourceSystem" },

What I'd like to do is modify the condition to take into account ACTIVITYGROUPS.FROM_DAT <= Todays Date and ACTIVITYGROUPS.TO_DAT >= Todays Date for each role assignment to only assign roles in IAS to user that are in validity. At the moment all roles starting ZN* are assigned regardless of start and end dates

e.g. in the table below ZNWBC_POC_BASIS should not be assigned in IAS. Any help will be greatly appreciated.

First attempts have failed at this and suspect I am looking in the wrong place to apply a condition e.g.

{
    "user": {
        "ignore": false,
        "condition": "(($.ACTIVITYGROUPS[?(@.AGR_NAME contains 'ZN') && ?(@.FROM_DAT <= '${currentDate}') && ?(@.TO_DAT >= '${currentDate}')] EMPTY false)",
        "mappings": [
 

Many thanks in advance

Mike

Accepted Solutions (0)

Answers (0)